Connecticut agencies hit with WannaCry

By Matt Leonard

Feb 26, 2018

The WannaCry ransomware virus made its way onto about 160 computers in 11 different Connecticut government agencies, according to Mark Raymond, the state’s CIO.

The state’s security monitoring system alerted officials to the breach Friday afternoon. IT staff worked through the weekend and were able to contain the malware by Sunday night, Jeffrey Beckham, a spokesman for the state’s Department of Administrative Services, told the Connecticut Post.

Early reports placed the number of affected agencies at 12, but there was one false positive, Raymond told GCN.

Most of the state government's computers were safe thanks to regular patching and antivirus protection. “Generally we’re doing a very good job” of installing patches and antivirus software on the state’s more than 30,000 devices, Raymond said. But this attack highlighted the fact that some devices “have fallen through the cracks,” he said.

Finding out how that happened will be part of an investigation, he said. The state is currently in the recovery phase, which involves quarantining the affected machines and rebuilding them with the appropriate patches and antivirus in place.

“We haven’t handled something like this before,” Raymond said.

The state will review its network logs and detection systems to determine how the malware entered the network and how it spread from machine to machine.

The WannaCry virus showed itself to the world for the first time on May 12, 2017, and has hit hundreds of thousands of computers globally, according to the security research firm Symantec. It exploits a vulnerability in Windows that a 2017 update patches.

Once on a system, WannaCry will lock users out of their files and ask for payment, usually in bitcoin, to get the files back. So far, though, there are no reports of lost data as a result of the breach in Connecticut.

Connecticut is not alone in its fight against cyberattacks. The Colorado Department of Transportation and the city of Allentown, Pa. experienced large breaches earlier this month, according to SC Media.

CDOT was able to restore its system from backups. But the malware attack in Allentown could cost the town $1 million, according to the Allentown Morning Call.

About the Author

Matt Leonard is a reporter/producer at GCN.

Before joining GCN, Leonard worked as a local reporter for The Smithfield Times in southeastern Virginia. In his time there he wrote about town council meetings, local crime and what to do if a beaver dam floods your back yard. Over the last few years, he has spent time at The Commonwealth Times, The Denver Post and WTVR-CBS 6. He is a graduate of Virginia Commonwealth University, where he received the faculty award for print and online journalism.